<?php session_start();?>
<?php 
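// Access gate: visitors without a logged-in session are sent to the login page.
// header() only queues the redirect; without exit the rest of this script
// (including the password-change handler and the admin markup) would still run
// and be sent in the same response.
if (!isset($_SESSION['user']))
{
	header("Location: login.php");
	exit;
}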
?>
<?php require_once('Connections/database.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
/**
 * Turn a raw value into a fragment that is spliced into an SQL string by sprintf().
 *
 * The value is first escaped with the legacy mysql extension, then shaped by type:
 *   "text", "date"  -> escaped value wrapped in single quotes, or the literal NULL when empty
 *   "long", "int"   -> intval() of the value, or NULL when empty
 *   "double"        -> doubleval() of the value, or NULL when empty
 *   "defined"       -> $theDefinedValue when non-empty, otherwise $theNotDefinedValue
 *                      (both are returned exactly as the caller passed them, unescaped)
 *   anything else   -> the escaped value WITHOUT quotes
 *
 * Security notes for maintainers:
 *  - Escaping is only protective inside the quotes added for "text"/"date"; an
 *    unknown $theType yields an unquoted string that is not safe to place in SQL.
 *  - mysql_real_escape_string() depends on the character set of the open
 *    connection; mysql_escape_string() does not know it at all.
 *  - Prepared statements (mysqli or PDO) remove the need for this helper.
 *
 * @param mixed  $theValue            Raw input value.
 * @param string $theType             One of the type names listed above.
 * @param string $theDefinedValue     Result for "defined" when the value is non-empty.
 * @param string $theNotDefinedValue  Result for "defined" when the value is empty.
 * @return mixed SQL fragment (string, int or float depending on $theType).
 */
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
  // On old runtimes with magic quotes enabled the input already carries
  // backslashes; remove them so the value is not escaped twice.
  if (PHP_VERSION < 6 && get_magic_quotes_gpc()) {
    $theValue = stripslashes($theValue);
  }

  if (function_exists("mysql_real_escape_string")) {
    $escaped = mysql_real_escape_string($theValue);
  } else {
    $escaped = mysql_escape_string($theValue);
  }

  $hasValue = ($escaped != "");

  // Loose comparisons on purpose: they mirror how a switch statement matches.
  if ($theType == "text") {
    return $hasValue ? "'" . $escaped . "'" : "NULL";
  }
  if ($theType == "long" || $theType == "int") {
    return $hasValue ? intval($escaped) : "NULL";
  }
  if ($theType == "double") {
    return $hasValue ? doubleval($escaped) : "NULL";
  }
  if ($theType == "date") {
    return $hasValue ? "'" . $escaped . "'" : "NULL";
  }
  if ($theType == "defined") {
    return $hasValue ? $theDefinedValue : $theNotDefinedValue;
  }

  // Unrecognised type: the escaped value is handed back as-is.
  return $escaped;
}
}

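// Build the URL the form posts back to. PHP_SELF and QUERY_STRING are both
// taken from the incoming request, and the result is echoed into the form's
// action attribute further down, so BOTH parts are HTML-escaped here
// (quotes included) rather than only the query string.
$editFormAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlspecialchars($_SERVER['QUERY_STRING'], ENT_QUOTES, 'UTF-8');
}

// Feedback text shown above the form; filled in by the POST handler.
$message = "";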

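if ( $_SERVER['REQUEST_METHOD'] === 'POST' )
{
	// Password-change handler. Flow: require a session, confirm the old password,
	// validate the new one on the server, write it, then end the session so the
	// user signs in again with the new password.

	// Never process a change for a request that carries no logged-in session.
	if (!isset($_SESSION['user'])) {
		header("Location: login.php");
		exit;
	}
	$colname_User = $_SESSION['user'];

	// Read the fields defensively: a missing or non-string field (e.g. an array)
	// is treated as empty instead of being passed on to the escaping helper.
	$oldPassword  = (isset($_POST["MatKhauCu"]) && is_string($_POST["MatKhauCu"])) ? $_POST["MatKhauCu"] : "";
	$newPassword  = (isset($_POST["MatKhau"])   && is_string($_POST["MatKhau"]))   ? $_POST["MatKhau"]   : "";
	$newPassword2 = (isset($_POST["MatKhau2"])  && is_string($_POST["MatKhau2"]))  ? $_POST["MatKhau2"]  : "";
	$wantsUpdate  = (isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form");

	// NOTE(review): the old password is matched and the new one written exactly
	// as submitted, so the MatKhau column appears to hold passwords unhashed.
	// Moving to password_hash()/password_verify() has to be done together with
	// the login code, which is outside this file.
	mysql_select_db($database_database, $database);
	$query_User = sprintf("SELECT * FROM nguoidung WHERE TenDangNhap = %s AND MatKhau = %s", 
		GetSQLValueString($colname_User, "text"),
		GetSQLValueString($oldPassword, "text"));
	$User = mysql_query($query_User, $database);
	if ($User === false) {
		// Keep database error details in the server log, not in the response.
		error_log("password change: lookup failed: " . mysql_error($database));
		die("Có lỗi xảy ra, vui lòng thử lại sau.");
	}
	$row_User = mysql_fetch_assoc($User);
	$totalRows_User = mysql_num_rows($User);

	if($totalRows_User != 1)
	{
		$message = "Sai mật khẩu";
	}
	elseif ($wantsUpdate && $newPassword === "")
	{
		// The browser-side check can be skipped; without this an empty field
		// would be written to the account as SQL NULL.
		$message = "Không hợp lệ";
	}
	elseif ($wantsUpdate && $newPassword !== $newPassword2)
	{
		$message = "Mật khẩu nhập lại không khớp";
	}
	else
	{
		if ($wantsUpdate) {
		  $updateSQL = sprintf("UPDATE nguoidung SET MatKhau=%s WHERE TenDangNhap=%s",
							   GetSQLValueString($newPassword, "text"),
							   GetSQLValueString($_SESSION['user'], "text"));
		
		  mysql_select_db($database_database, $database);
		  $Result1 = mysql_query($updateSQL, $database);
		  if ($Result1 === false) {
			error_log("password change: update failed: " . mysql_error($database));
			die("Có lỗi xảy ra, vui lòng thử lại sau.");
		  }
		}
		
		// Drop the login so the next request has to authenticate again,
		// and stop so nothing else is rendered behind the redirect.
		unset($_SESSION['user']);
		header("Location: index.php");
		exit;
	}
}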
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="vi-vn" lang="vi-vn">
<head>
    <title>Admin</title>
	<meta http-equiv="content-type" content="text/html; charset=utf-8" />
    <meta name="ckeditor-sample-required-plugins" content="sourcearea">
	<meta name="ckeditor-sample-name" content="Full page support">
	<meta name="ckeditor-sample-group" content="Plugins">
	<meta name="ckeditor-sample-description" content="CKEditor inserted with a JavaScript call and used to edit the whole page from &lt;html&gt; to &lt;/html&gt;.">

    <link href="Content/style.css" rel="stylesheet" type="text/css" />
    <link href="Content/jquery-ui-1.9.2.custom.css" rel="stylesheet" type="text/css" />
    <script src="Scripts/jquery-1.8.3.min.js" type="text/javascript"></script>
    <script src="Scripts/jquery-ui-1.9.2.custom.min.js" type="text/javascript"></script>
    <script src="Scripts/jquery.validate.min.js" type="text/javascript"></script>
    <script src="Scripts/ckeditor/ckeditor.js" type="text/javascript"></script>
    <script src="Scripts/ckeditor/samples/sample.js"></script>	
    <script type="text/javascript">
        // Once the DOM is ready, toggle the nested .MenuCP element each time
        // the pointer enters or leaves a .dropdown menu item.
        $(function () {
            $('.dropdown').on('mouseenter mouseleave', function () {
                $(this).find('.MenuCP').toggle();
            });
        });

        // Send the current window to the given URL.
        // NOTE(review): url is used as-is and no caller is visible on this page;
        // callers should pass only fixed, site-relative paths.
        function MenuClick(url) {
            window.location.assign(url);
        }
    </script>
   
</head>
<body>
    <div id="wrap">
        <div id="header">
            <img alt="dat nuoc viet logo" src="Content/Images/gift_logo_20.png" height="100px"/>
        </div>
        <div id="menu">
            <ul id="navigation">
                <li class="dropdown" id="MenuHome"><a href="index.php" class="menuitem">Trang chủ</a></li>
                <li class="dropdown" id="MenuDanhMuc"><a href="DanhMuc.php" class="menuitem">Danh mục</a>
                </li>
                <li class="dropdown" id="MenuSanPham"><a href="SanPham.php" class="menuitem">Sản phẩm</a>
                </li>
              <li class="dropdown" id="MenuCP"><a href="thaydoimatkhau.php" class="menuitem">Thay đổi mật khẩu</a></li>
            </ul>
        </div>

        <div id="date">
            <div class="datecontrol">
                <a href="../index.php" target="_blank">Trang chủ</a>&nbsp;&nbsp;&nbsp;
                <a href="logout.php">Đăng xuất</a>
            </div>
            <div class="clear">&nbsp;</div>
        </div>
        <div id="content">
			<div class="contenttitle">
                <div class="titleplace">
                    <span>Thay đổi mật khẩu</span>&nbsp;&nbsp;&nbsp;
                </div>
              <div class="clear">&nbsp;</div>
            </div>
            <div class="contentitem">
            	<p style="color:#F00; font-size:120%">
                	<?php
						// Print the feedback text set by the POST handler; prints nothing when it is empty.
						echo ($message != "") ? $message : "";
					?>
                </p>
       	  <form method="POST" action="<?php echo $editFormAction; ?>" name="form"> 
            		<div class="atributelabel">Mật khẩu cũ <span style="color:Red;">(*)</span>:</div>
                    <div class="atributeeditor"><input type="password" class="input250" name="MatKhauCu" id="MatKhauCu"/></div>
                    <div class="clear">&nbsp;</div>
                    
               	 	<div class="atributelabel">Mật khẩu mới <span style="color:Red;">(*)</span>:</div>
                    <div class="atributeeditor"><input type="password" class="input250" name="MatKhau" id="MatKhau"/></div>
                    <div class="clear">&nbsp;</div>
                  
               		<div class="atributelabel">Nhập lại mật khẩu mới <span style="color:Red;">(*)</span>:</div>
                    <div class="atributeeditor"><input type="password" class="input250" name="MatKhau2" id="MatKhau2"/></div>
                    <div class="clear">&nbsp;</div>
                    
                    <div class="atributelabel">&nbsp;</div>
                    <div class="atributeeditor">
                      <input type="submit" value="Thay đổi mật khẩu" onclick="return checkfrm();"/>
                    </div>         
                    <div class="clear">&nbsp;</div>
                    <input type="hidden" name="MM_update" value="form" />
            </form>  
              <script>
					/**
					 * Pre-submit check for the password form: the two new-password
					 * fields must match and none of the three fields may be blank.
					 * Returns false (after an alert) to cancel the submit, and
					 * nothing when the form may be sent.
					 *
					 * This runs in the browser only and can be bypassed, so the
					 * server-side handler has to enforce the same rules itself.
					 */
					function checkfrm()
					{
						var valueOf = function (id) {
							return document.getElementById(id).value;
						};
						var current = valueOf("MatKhauCu");
						var wanted = valueOf("MatKhau");
						var repeated = valueOf("MatKhau2");

						// The mismatch is reported first, before the blank-field check.
						if (!(wanted === repeated))
						{
							alert("Mật khẩu nhập lại không khớp");
							return false;
						}

						var allFilled = (current != "" && wanted != "" && repeated != "");
						if (!allFilled)
						{
							alert("Không hợp lệ");
							return false;
						}
					}
				</script>    
            </div>
        </div>      
    </div>  
</body>
</html>
<?php
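// Release the result set of the old-password lookup. Guarded so that a POST
// which never produced a result resource does not trigger a warning that
// would be appended after the closing </html>.
if ( $_SERVER['REQUEST_METHOD'] === 'POST' && isset($User) && is_resource($User) ){
mysql_free_result($User);
}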
?>
